Mikrotik - two links, no access to the router using the IP address.

RouterOS Beginner Basics
1

Hi

I am trying to configure a Mikrotik router as follows:

  • I have Internet connected to ether1 port where I get an IP address using DHCP client.
    On the router, configure the VPN client (ovpn) - interface (ovpn-out1)
    I’m adding an interface (ovpn-out1) to the masquerade
ip firewall nat add chain=srcnat out-interface=ovpn-out1 action=masquerade

At this point I am able to select ether1 or ovpn1 link (outgoing IP address) for all devices on the network without any problem by manipulating the “Default Route Distane” value in DHCP client for ether1 interface
Choosing the ovpn-out1 interface

ip dhcp-client set ether1 default-route-distance=10

Choosing the ether1 interface

ip dhcp-client set ether1 default-route-distance=1

Currently, I need to make a modification so that the choice of link depends on which ether2 or ether3 interface the computer connects to
I tried to do it as follows
I remove the ether3 interface from the bridge, create a new bridge2 to which I add the ether3 interface
Next

routing table add name=mark_WAN1 fib
routing table add name=mark_VPN fib
ip firewall mangle add chain=prerouting in-interface=bridge action=mark-routing new-routing-mark=mark_WAN1 passthrough=no
ip firewall mangle add chain=prerouting in-interface=bridge2 action=mark-routing new-routing-mark=mark_VPN passthrough=no
ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-table=mark_WAN1

at this point, access to the router using the IP address fails, after the MAC address, I can still get in

ip route add dst-address=0.0.0.0/0 gateway=10.8.0.1 routing-table=mark_VPN

After these steps, when I connect the computer to ether2, I exit with the ether1 interface, while when I connect the computer to ether3, I exit with the ovpn-out1 interface.
So everything works fine, the only problem is that I do not have access to the router using the IP address, I have access only via MAC.

2

any ideas?

3

What’s missing here?

  • A brief local network description:
  • links
    • routers
    • switches
    • client devices
    • IP subnet plan
  • Relevant MikroTik devices by model number.
  • Privacy redacted exports from MikroTik devices.
4

amen brother, a coherent request needed for sure!
https://forum.mikrotik.com/viewtopic.php?p=908118

5

I will try to describe my problem again:
Mikrotik has an IP address of 192.168.88.1/24
Computer 1 has an IP address of 192.168.88.15
Computer 2 has an IP address of 192.168.88.152
external IP address for main WAN is e.g. 15.15.15.15
external IP address for VPN to e.g. 20.20.20.20

What I want to achieve is to go to https://ipaddress.my/ so that computer 1 shows the external IP address 15.15.15.15 and computer 2 shows the external IP address 20.20.20.20

I am currently using the configuration below

/certificate import file-name=vpn.crt
/certificate import file-name=vpn.key
/interface ovpn-client add user=vpn certificate=vpn.crt_0 tls-version=any auth=sha256 cipher=aes256 use-peer-dns=yes add-default-route=no protocol=tcp mode=ip profile=default port=43121 connect-to=20.20.20.20
/ip firewall nat add chain=srcnat out-interface=ovpn-out1 action=masquerade
ip dhcp-client set ether1 default-route-distance=10
/ip firewall address-list add address=192.168.88.150-192.168.88.160 list=VPN-list
/routing table add disabled=no fib name=VPN-route
/ip firewall mangle add action=mark-routing chain=prerouting new-routing-mark=VPN-route passthrough=yes src-address-list=VPN-list
/ip firewall filter add action=accept chain=forward out-interface=ovpn-out1 src-address-list=VPN-list
/ip route add disabled=no dst-address=0.0.0.0/0 gateway=ovpn-out1 routing-table=VPN-route

After this procedure, computer 1 has an external IP 15.15.15.15, while computer 2 has an external IP 20.20.20.20, so I was successful, but the problem is that from computer 2 I cannot connect to the router using the IP address 192.168.88.1
What to do to be able to connect to the IP address 192.168.88.1 from computer 2, the connection stops working after issuing the following command.

/ip route add disabled=no dst-address=0.0.0.0/0 gateway=ovpn-out1 routing-table=VPN-route